Exploits, Ethics, and the ‘Little Old Lady’ Problem

Last week, I attended the Rhetoric Society of America Summer Institute in Boulder, Colorado. The Institute features week-long seminars and three-day workshops organized around research topics. I attended a fantastic workshop entitled “Nonrational Rhetorics” that was organized and led by Debbie Hawhee and Diane Davis. While this topic includes various research programs – including but not limited to animal studies, affect theory, object-oriented rhetoric, psychoanalysis – it’s very difficult to answer the question: “So, what is nonrational rhetoric, anyway?” I attempted to answer this question multiple times while talking to other attendees of the RSA Institute. One of the better answers comes from Thomas Rickert in an essay that we read during the workshop. The essay is entitled “Language’s Duality and the Rhetorical Problem of Music,” and it tackles the intersecting problems of rhetoric, meaning, and music by returning to Nietzsche’s early remarks regarding music. But it is Rickert’s description of “nonrational rhetoric” (even though he doesn’t use this label) that I’d like to point to here:

“It is difficult, then, in the face of the dominant will for determinate knowledge to side with indeterminacy and, even more precariously, make claims for it as a form of knowledge worth pursuing, one that is not just useful for rhetoric but already inscribed within all the language arts, rhetoric included.” (161)

This quotation neatly encapsulates our three-day conversation. If rhetorical studies has traditionally focused on the rational and determinate, this workshop was about an attempt to “make claims for [indeterminacy] as a form of knowledge worth pursuing.”

But what does this have to do with little old ladies? My own interest in this topic involves the problem of rationality and ethics. As Francisco Varela argues in Ethical Know-How, rationality isn’t a particularly useful way of understanding ethics: “â€œEthics is closer to wisdom than to reason, closer to understanding what is good than to correctly adjudicating particular situationsâ€ (3). Further, my interest in ethics, software, and networked environments is linked to the problem of hospitality that Derrida, Ronell, and Levinas articulate in various works. The network establishes a predicament of hospitality – others will arrive, whether we “invite” them or not. We are caught up in this hospitality the minute we enter networked environments. And this means that a rational approach to ethics in which I parse who or what should or should not be invited doesn’t quite measure up to the task. During our conversation in Boulder, I raised some of my own research questions about hacking, exploits, and ethics. And this, perhaps surprisingly, is how the problem of little old ladies came up.

Hacking is often about exploring and demonstrating possibilities. The hacking efforts of Anonymous and LulzSec are just two recent examples of this, but the tradition extends backward and spiders out. Hacking is about exploring a possibility space and about discovering exploits. It may result in the release or theft of personal information or in the breakdown of a Web service, but this is often a byproduct of an initial attempt to demonstrate possibility. When a hacking effort reveals that, for instance, a bank has not adequately protected customer data, that hack is often an attempt to demonstrate such flawed security efforts.

And this points to the difficult ethics of software exploits. Hacking is a way to perform the possible, to show (rather than tell) us what is going on. But is this an ethical move? If we reduce ethics to rational choice, hacking is unethical. A more “rational” move would be to tell people about the problem, to explain the difficulties rather than to go around releasing private data. When I raised this issue during the workshop, one of the participants responded this way: “That’s like saying that there’s an epidemic of people pushing over old ladies. Instead of telling people that this is a problem, hackers would just go around pushing old ladies to the ground.”

This is an interesting parallel, and I don’t think it’s a completely unreasonable one. I can explain to people that the “pushing down old ladies” epidemic is a problem that we must address. I can attempt to trigger a discussion of the problem. This would be an attempt at rational-critical discourse about something we might all agree is a problem. But another approach is to just go up to an old lady and push her. If nobody stops me, is this not a more effective demonstration of the problem? The hacker’s approach is closer to the latter, and it raises extremely difficult ethical questions.

The example of the “little old lady” carries a certain rhetorical force, and perhaps one could argue that it’s unfair to compare a broken hip to a stolen credit card number. Indeed, Diane Davis argued that comparing the material (little old lady) to the immaterial (information) makes this an unfair comparison. But I’m not comfortable arguing that information is immaterial. For me, the point still holds: What are the ethics of carrying out the hack instead of pointing to the problem? What are the immplications of performing the possible instead of simply raising the question and calling for discussion?

My own answer (or, at least, my answer as of today) is two-fold. First, I don’t see hacks or exploits as necessarily more or less ethical. Instead, I see them as raising difficult and ultimately unanswerable ethical questions. Who is responsible for the release of private customer data? The bank that had lax security? The hackers that took advantage of a gap in that security? The customers who trusted a corporation with their information? The lawmakers that failed to institute rigid network security regulations? The designers of the various network security protocols being used by the bank? The hacker becomes the scapegoat in these situations. But hacking points to and demonstrates a problem that might not otherwise be taken seriously. This at least suggests the possibility that the hack is a legitimate ethical response.

But in addition to this problem of undecidability and responsibility, the “little old lady” question points directly at the inadequacy of reducing ethics to rational choice. We do not approach ethical problems by stepping through decision trees and rationally weighing the options. Ethics is much messier than this. And those of us studying ethics in a networked, hospitable space have to somehow deal with this mess. Others will arrive – hackers, spambots, enemies, frenemies, trolls. Who will be filtered, and who will not? There is no networked space that can deal with the problem of hospitality in any final way. The only way to filter all others is to unplug from the network, and even this attempt to filter the other is an illusion. For Derrida and Levinas, the other is forever arriving, exposing my exposedness.

If networked environments are defined by a relation to various others, then hospitality will continue to present us with ethical predicaments. The hacker’s approach to this predicament is to perform the possible via the exploit. This may or may not be a preferable response in various rhetorical situations, but it can’t just be dismissed in the name of a rational discussion. And this puts me in the difficult position of arguing that, perhaps, pushing old ladies to the ground is not so clearly unethical. I am not at all comfortable with making this argument, but there it is. I have some more thinking to do.

One Comment

I enjoyed your post, Jim. I know that procedurality and object-oriented rhetorics are lurking in the background here, but I wanted to bring them to the foreground for a moment. (I know that you know all this, but just to put it on the table…) For Ian Bogost, all objects – including little old ladies and credit card accounts – have withdrawn logics, procedures that embody certain capacities for expression. In your examples, the hip bone works according to the logic of breakage in its encounter with the pavement; the credit card account reveals its information in its encounter with the procedures of the hacker. The little old lady and the credit card account have other capacities for expression; their withdrawn logics aren’t exhausted through their relations with the pavement or the hacker (or any other relation, for that matter).

I don’t remember to what extent Bogost discusses ethics (my sense is that he doesn’t, but this might just be my oversight), but we can imagine a sort of procedural ethics here. Do we have a sense of obligation to objects to help them express their withdrawn logics? We can frame this question in a number of ways. If we think of ethics as an obligation to others, this suggests to some extent that we want to let the logic of the other express itself without imposing our own logic upon it. But there’s a difference between not imposing your own logic and helping to bring out the logic of the other, and this goes well beyond human relations as well.

At some point here, we’re getting into questions of invention. I’m thinking here of things like Steven Johnson’s Where Good Ideas Come From and thoughts toward networked invention, the notion that innovation and invention benefits from having more objects on the table, exposed to one another, putting more logics at play. But how do we balance invention and ethics? To put it a different way, how do we balance our obligation to help objects express themselves and our obligation to minimize suffering?

It’s one thing to say that hackers are acting unethically by exposing personal information or ethically by highlighting the weaknesses of security systems and helping us make them stronger, but it’s something else entirely to ask if hackers have an obligation to the system and the code itself.

For some people, this line of questioning might be fruitless or absurd: why would we feel a sense of obligation to the bone rather than the little old lady, or to the code rather than the people with sensitive information encrypted in the system? Regardless of how we feel about these questions, we can follow the same line of thinking with much more traditional concerns, such as student writing. If our students have their own withdrawn logics, their own capacities for expression, is our job to help them express themselves according to the norms and logics of rational discourse, or should we think of ourselves as hackers, helping students engage and express capacities that don’t necessarily fit within established discursive parameters?

I’m starting to feel like these thoughts have wandered substantially from your post, but hopefully in a productive way. Thanks for sharing your RSA experience.